| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|
| CVE-2026-27854 | vulnerable | vulnerable | vulnerable (no DSA) | fixed | fixed | An attacker might be able to trigger a use-after-free by sending craft ... |
| CVE-2026-27853 | vulnerable | vulnerable | vulnerable (no DSA) | fixed | fixed | An attacker might be able to trigger an out-of-bounds write by sending ... |
| CVE-2026-24030 | vulnerable | vulnerable | vulnerable (no DSA) | fixed | fixed | An attacker might be able to trick DNSdist into allocating too much me ... |
| CVE-2026-24029 | vulnerable | vulnerable | vulnerable (no DSA) | fixed | fixed | When the early_acl_drop (earlyACLDrop in Lua) option is disabled (defa ... |
| CVE-2026-24028 | vulnerable | vulnerable | vulnerable (no DSA) | fixed | fixed | An attacker might be able to trigger an out-of-bounds read by sending ... |
| CVE-2026-0397 | vulnerable | vulnerable | vulnerable (no DSA) | fixed | fixed | When the internal webserver is enabled (default is disabled), an attac ... |
| CVE-2026-0396 | vulnerable | vulnerable | vulnerable (no DSA) | fixed | fixed | An attacker might be able to inject HTML content into the internal web ... |
| CVE-2025-30193 | vulnerable | vulnerable | fixed | fixed | fixed | In some circumstances, when DNSdist is configured to allow an unlimite ... |
| CVE-2023-44487 | vulnerable (no DSA) | vulnerable | fixed | fixed | fixed | The HTTP/2 protocol allows a denial of service (server resource consum ... |